DETAILED ACTION 
Remarks 

1. In response to communications filed on 16-May-2005, claims 11-12 were cancelled and 
claim 1 is amended per applicant's request. Therefore, claims 1-10 are presently pending 
in the application. 

Claim Rejections - 35 USC §103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at the time the invention was made to a 
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived 
by the manner in which the invention was made. 

3. Claims 1-2 are rejected under 35 U.S.C. 103(a) as being unpatentable over Gutman et al. 
(U.S. patent No. 6,298,383) in view of Vu (U.S. patent No. 5,623,601). 

As to claim 1, Gutman et al. teaches a method of enabling a proxy client in 
a secured network to access a target service on behalf of a user (see column 10, lines 47-79), 
comprising the steps of: 

registering proxy authorization information regarding the user with a 
trusted security server, the proxy authorization information identifying the proxy client and an 
extent of proxy authorization, the extent of proxy authorization comprising a restriction on a 
range of target services that the proxy client may access on behalf of the user (see column 1, 
lines 41-45; column 1, lines 62-67; column 2 lines 1-4; and column 10, lines 51-52); 

comparing, by the trusted security server, the proxy request with the proxy 
authorization information of the user to determine whether to grant the proxy request (see 
column 10, lines 53-55); and 

issuing, by the trusted security server, a data structure containing 
authentication data recognizable by the target service for authenticating the proxy client for 
accessing the target service on behalf of the user (see column 1, lines 65-67 and column 9, lines 
32-38). 

Gutman et al. does not teach submitting, by the proxy client, a proxy request to the trusted 
security server requesting access to the target service on behalf of the user. 

Vu teaches a method that provides security to private and public networks (see abstract), in 
which he teaches submitting, by the proxy client, a proxy request to the trusted security server 
requesting access to the target service on behalf of the user (see column 5, lines 16-30 and 
column 8, lines 54-64). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. to include submitting, by the proxy client, a 
proxy request to the trusted security server requesting access to the target service on behalf of the 
user. 

It would have been obvious to a person having ordinary skill in the art at the time the invention was 
made to have modified Gutman et al. by the teaching of Vu, because submitting, by the proxy 
client, a proxy request to the trusted security server requesting access to the target service on 
behalf of the user, would enable the method of enabling a proxy client, because "The method in 
accordance with the invention involves protecting a private network interconnected with a 
potentially hostile network whereby a gateway between the two networks transparently imitates a 
host when a communication data packet is received from a client on one of the networks by 
initiating a communication session with the client. If the client is determined to have access 
rights to the requested service, the gateway station imitates the client to the host on the other 
network by initiating a communications session with the host. Thereafter, data is passed between 
the client session and the host session by a process which coordinates communications between 
the two distinct, interdependent communications sessions which proceed between the client and 
the gateway station and the host and the gateway station", (see Vu, column 5, lines 15-30). 

As to claim 2, Gutman et al. teaches a method wherein the data structure is a ticket 
containing a session key for use in a session formed between the proxy client and the target 
service (see Gutman et al., column 2, lines 11-17). 

4. Claims 3-8 and 10 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gutman et al. (U.S. patent No. 6,298,383) in view of Vu (U.S. patent No. 5,623,601) as applied 
to claims 1-2 above, and further in view of Higley et al. (U.S. patent No. 5,913,025). 

As to claim 3, Gutman et al. as modified still does not teach wherein the ticket is encrypted 
with a secret key shared by the target service and the trusted security server. 

Higley et al. teaches a method for proxy authentication to access a target 
(see abstract), in which he teaches wherein the ticket is encrypted with a secret key shared by the 
target service and the trusted security server (see column 2, lines 18-19). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. as modified, to include wherein the ticket is 
encrypted with a secret key shared by the target service and the trusted security server. 

It would have been obvious to a person having ordinary skill in the art at the time the invention was 
made to have modified Gutman et al. as modified, by the teaching of Higley et al. because 
wherein the ticket is encrypted with a secret key shared by the target service and the trusted 
security server, would enable the method to maintain the password or key in secret and the client 
can feel more secure using the network. 

As to claim 4, Gutman et al. as modified still does not teach wherein the step of comparing 
determines whether a proxy duration specified by the proxy authorization information has 
expired. 

Higley et al. teaches a method for proxy authentication (see abstract), in which he teaches 
wherein the step of comparing determines whether a proxy duration specified by the proxy 
authorization information has expired (see column 8, lines 16-18). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. as modified to include wherein the step of 
comparing determines whether a proxy duration specified by the proxy authorization information 
has expired. 

It would have been obvious to a person having ordinary skill in the art at the time the invention 
was made to have modified Gutman et al. as modified by the teaching of Higley et al. because 
wherein the step of comparing determines whether a proxy duration specified by the proxy 
authorization information has expired, would enable the method to have more control of the 
access to the network and will be more secure for the clients. 

As to claim 5, Gutman et al. as modified still does not teach wherein the step of submitting 
the request includes transmitting a ticket for authenticating the proxy client to the trusted security 
server. 

Higley et al. teaches a method for proxy authentication (see abstract), in which he teaches 
wherein the step of submitting the request includes transmitting a ticket for authenticating the 
proxy client to the trusted security server (see column 5, lines 17-26). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. as modified to include wherein the step of 
submitting the request includes transmitting a ticket for authenticating the proxy client to the 
trusted security server. 

It would have been obvious to a person having ordinary skill in the art at the time the invention 
was made to have modified Gutman et al. as modified by the teaching of Higley et al. because 
wherein the step of submitting the request includes transmitting a ticket for authenticating the 
proxy client to the trusted security server, would enable the method to verify the information of 
the authentication of the client. 

As to claim 6, Gutman et al. teaches storing proxy authorization information 
from a user for authorizing a proxy client to act as a proxy of the user (see column 2, lines 6-10); 
and 

determining, based on the proxy authorization information of the user, whether to grant the 
proxy request (see column 12, lines 20-24). 

Gutman et al. does not teach a computer-readable medium having computer-executable 
instructions for performing steps: 

constructing a data structure containing authentication data recognizable by the target 
service for authenticating the proxy client for accessing the target service on behalf of the user. 

Higley et al. teaches authorization to access a target (see abstract), in which he teaches a 
computer-readable medium having computer-executable instructions (see column 4, lines 52-58 
and column 5, lines 1-2) for performing steps: 

constructing a data structure containing authentication data recognizable by the target 
service for authenticating the proxy client for accessing the target service on behalf of the user 
(see column 5, lines 17-26). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. to include a computer-readable medium 
having computer-executable instructions for performing steps: 

constructing a data structure containing authentication data recognizable by the target 
service for authenticating the proxy client for accessing the target service on behalf of the user. 

It would have been obvious to a person having ordinary skill in the art at the time the invention was 
made to have modified Gutman et al. by the teaching of Higley et al. because a 
computer-readable medium having computer-executable instructions for performing steps: 

constructing a data structure containing authentication data recognizable by the target 
service for authenticating the proxy client for accessing the target service on behalf of the user, 
would enable the method to provide a secure network for the clients that want to use the public 
network. 

Gutman et al. as modified still does not teach receiving a proxy request from the proxy 
client to access a target service on behalf of the user. 

Vu teaches a method that provides security to private and public networks (see abstract), in 
which he teaches receiving a proxy request from the proxy client to access a target service on 
behalf of the user (see column 5, lines 16-30 and column 8, lines 54-64). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. as modified to include receiving a proxy 
request from the proxy client to access a target service on behalf of the user. 

It would have been obvious to a person having ordinary skill in the art at the time the invention was 
made to have modified Gutman et al. as modified by the teaching of Vu, because receiving a 
proxy request from the proxy client to access a target service on behalf of the user, would enable 
the method of enabling a proxy client, because "The method in accordance with the invention 
involves protecting a private network interconnected with a potentially hostile network whereby 
a gateway between the two networks transparently imitates a host when a communication data 
packet is received from a client on one of the networks by initiating a communication session 
with the client. If the client is determined to have access rights to the requested service, the 
gateway station imitates the client to the host on the other network by initiating a 
communications session with the host. Thereafter, data is passed between the client session and 
the host session by a process which coordinates communications between the two distinct, 
interdependent communications sessions which proceed between the client and the gateway 
station and the host and the gateway station", (see Vu, column 5, lines 15-30). 

As to claim 7, Gutman et al. as modified teaches a computer-readable medium having 
further computer-executable instructions for performing the step of authenticating the user based 
on a password of the user before storing the proxy authorization information (see Higley et al., 
column 5, lines 20-21). 

As to claim 8, Gutman et al. as modified teaches a computer-readable medium wherein the 
step of receiving the proxy request includes authenticating the proxy client based on a ticket 
issued to the proxy client for communicating with the trusted security server (see Higley et al., 
column 2, lines 18-19). 

As to claim 10, Gutman et al. as modified teaches a computer-readable medium wherein 
the data structure is encrypted with a key shared by the target service and the trusted security 
server (see Higley et al., column 2, lines 18-19). 



Application/Control Number: 09/490,199 Page 10 

Art Unit: 2164 

5. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Gutman et al. 
(U.S. patent No. 6,298,383) in view of Vu (U.S. patent No. 5,623,601) and further in view of 
Higley et al. (U.S. patent No. 5,913,025) as applied to claims 3-8 and 10 above, and still further 
in view of Subramaniam et al. (U.S. patent No. 6,081,900). 

As to claim 9, Gutman et al. as modified still does not teach a computer-readable medium 
having further computer-executable instructions for performing the step of sending the data 
structure to the proxy client for presenting to the target service for authentication of the proxy 
client. 

Subramaniam et al. teaches a method and system for secure access to a network 
(see abstract), in which he teaches a computer-readable medium having further 
computer-executable instructions for performing the step of sending the data structure to the 
proxy client for presenting to the target service for authentication of the proxy client (see column 
15, lines 29-38 and column 16, lines 1-15). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified Gutman et al. as modified to include a computer-readable 
medium having further computer-executable instructions for performing the step of sending the 
data structure to the proxy client for presenting to the target service for authentication of the 
proxy client. 

It would have been obvious to a person having ordinary skill in the art at the time the invention was 
made to have modified Gutman et al. as modified by the teaching of Subramaniam et al., because 
wherein the security principal is a client on the secured network, would enable the method to be 
sure that the client has authorization, and that made the network more secure. 

Response to Arguments 

6. Applicant's arguments filed 16-May-2005 with respect to the rejected claims in view 
of the cited references have been fully considered but they are not found persuasive: 

In response to applicants' arguments that "Gutman et al. fail to teach or suggest 
registering proxy authorization information regarding the user with a trusted security server, the 
proxy authorization information identifying the proxy client and an extent of proxy 
authorization, the extent of proxy authorization comprising a restriction on a range of target 
services that the proxy client may access on behalf of the user", the arguments have been fully 
considered but are not deemed persuasive, because Gutman et al. teaches "Traditional 
wholesale ISPs and Roaming Service Providers offer network access through a technique called 
Authentication proxying" (see Gutman et al., column 1, lines 41-43). 

"Hence, the ISP will "proxy" out the authentication transaction to the corporation. An 
AAA service within the corporation then identifies the user, verifies the password, and 
provisions the user. Then the AAA service notifies the ISP's proxy server that the user is 
acceptable and passes along provisioning details associated with the user (such as an IP address 
to use or a pool identification of an IP address pool from which an IP address needs to be 
allocated). The ISP then grants the user access to the network based upon the reply it gets back 
from the corporation", (see Gutman et al., column 1, lines 62-67; column 2 lines 1-4). 

In response to applicants' arguments that "Gutman et al. fail to teach or suggest 
proxy authorization information", the arguments have been fully considered but are not deemed 
persuasive, because Gutman et al. teaches "What really happens in that scenario is that the ISP 
determines that the user belongs to Corporation A (Corp.sub.A) by parsing either the fully 
qualified domain name (FQDN) supplied by the user, a DNIS ID, or some other mechanism. 
Having determined that the user trying to gain access belongs to Corp.sub.A, the ISP cannot 
really authenticate the user. As noted earlier, the user's record is still with the corporation. 
Hence, the ISP will "proxy" out the authentication transaction to the corporation. An AAA 
service within the corporation then identifies the user, verifies the password, and provisions the 
user. Then the AAA service notifies the ISP's proxy server that the user is acceptable and 
passes along provisioning details associated with the user (such 
as an IP address to use or a pool identification of an IP address pool from which an IP address 
needs to be allocated). The ISP then grants the user access to the network based upon the reply 
it gets back from the corporation. This technique is called proxying", (see Gutman et al., 
column 1, lines 55-67 and column 2, lines 1-5). 

Conclusion 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Belix M. Ortiz whose telephone number is 571-272-4081. 
The examiner can normally be reached on Monday-Friday 9am-5pm. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Dov Popovici can be reached on 571-272-4083. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
bmo 

June 15, 2005 




SAM RIMELL 
PRIMARY EXAMINER 



